๐ฅ The Ultimate OWASP MCP Top 10 Pentesting & Audit Framework ๐ฅ
Built for Students โข Pentesters โข Security Engineers โข Enterprises
Created by MR_INFECT
If OWASP Top 10 is the law, this repository is the courtroom.
This repository is the worldโs first # 1 end-to-end, checklist-driven, pentest-ready security framework dedicated exclusively to the OWASP Model Context Protocol (MCP) Top 10 โ 2025.
Designed to be:
- โ Auditor-defensible
- โ Pentester-usable
- โ Student-friendly
- โ Enterprise-grade
- โ Future-proof
โจ This is not documentation
โจ This is not theory
โจ This is not another blog dump
This repo is a:
- ๐ Master Security Checklist
- ๐ Pentesting Playbook
- ๐ Audit & Compliance Framework
- ๐ Learning Roadmap for MCP Security
- ๐ Single Source of Truth for MCP Risks
Every MCP vulnerability includes:
- Clear explanation
- Attack surface mapping
- Real-world failure scenarios
- Detection techniques
- Mitigation strategy
- Pentester checklist
- Scoring & evaluation logic
| ID | Vulnerability |
|---|---|
| MCP01 | Token Mismanagement & Secret Exposure |
| MCP02 | Privilege Escalation via Scope Creep |
| MCP03 | Tool Poisoning |
| MCP04 | Supply Chain Attacks & Dependency Tampering |
| MCP05 | Command Injection & Execution |
| MCP06 | Prompt Injection via Contextual Payloads |
| MCP07 | Insufficient Authentication & Authorization |
| MCP08 | Lack of Audit & Telemetry |
| MCP09 | Shadow MCP Servers |
| MCP10 | Context Injection & Over-Sharing |
โ Each item has its own deep-dive markdown
โ Each item is pentest-aligned
โ Each item is checklist-driven
The MCP Master Checklist allows you to:
- ๐ Evaluate MCP systems objectively
- ๐งฎ Calculate a numeric security score (/100)
- ๐ท๏ธ Classify MCP maturity (Critical โ Enterprise)
- ๐ Track progress over time
- ๐ ๏ธ Prioritize remediation efforts
If itโs not measurable, itโs not secure.
| Score | Maturity | Risk |
|---|---|---|
| 0โ30 | ๐ด Critical | Immediate compromise likely |
| 31โ50 | ๐ Weak | Easily exploitable |
| 51โ70 | ๐ก Moderate | Partial controls |
| 71โ85 | ๐ข Strong | Well-secured |
| 86โ100 | ๐ฃ Enterprise | Best-in-class |
โ Cybersecurity Students
โ Red Teamers & Pentesters
โ SOC Analysts
โ AI Engineers
โ DevSecOps Teams
โ Security Architects
โ Auditors & GRC Teams
โ Enterprises deploying AI agents
๐ฆ MCP-Master-Checklist
โฃ ๐ MCP01-Token-Mismanagement
โฃ ๐ MCP02-Privilege-Escalation
โฃ ๐ MCP03-Tool-Poisoning
โฃ ๐ MCP04-Supply-Chain-Attacks
โฃ ๐ MCP05-Command-Injection
โฃ ๐ MCP06-Prompt-Injection
โฃ ๐ MCP07-Authentication-Authorization
โฃ ๐ MCP08-Audit-Telemetry
โฃ ๐ MCP09-Shadow-MCP-Servers
โฃ ๐ MCP10-Context-OverSharing
โฃ ๐ MCP-master-checklist.md
โ ๐ README.md
LLMs are not secure by default. MCP expands the attack surface. Security must be designed โ not assumed.
This repository exists to kill blind trust in AI systems.
- ๐ฅ First MCP-only security checklist
- ๐ฅ Direct OWASP MCP Top 10 mapping
- ๐ฅ Pentest + Audit + Learning in one repo
- ๐ฅ SEO-optimized structure & keywords
- ๐ฅ Continuously evolving with MCP ecosystem
Contributions are welcome and encouraged.
You can help by:
- Adding labs
- Improving detection logic
- Adding tooling references
- Submitting real-world MCP failure cases
๐ฌ Open an issue or pull request.
If this repository helped you:
- โญ Star the repo
- ๐ Share it with your network
- โ Buy me a coffee (link coming soon)
Built with โ๏ธ by MR_INFECT
Breaking AI systems so the world can build safer ones.